From db129a84a10ba95a33bfaed7ce4aee7744c47735 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <lautrbach@redhat.com>
Date: Thu, 5 Oct 2023 13:07:34 +0200
Subject: [PATCH] fix: better handling of changed status

---
 tests/tests_modifications_with_selinux_disabled.yml | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/tests/tests_modifications_with_selinux_disabled.yml b/tests/tests_modifications_with_selinux_disabled.yml
index bc9273f..672136a 100644
--- a/tests/tests_modifications_with_selinux_disabled.yml
+++ b/tests/tests_modifications_with_selinux_disabled.yml
@@ -19,8 +19,9 @@
         name: sar-user
     - name: Switch to permissive to allow login when selinuxfs is not mounted
       command: setenforce 0
-      changed_when: false
-      when: ansible_selinux.status != "disabled"
+      changed_when: true
+      when: ansible_selinux.status != "disabled" and
+        ansible_selinux.status != "permissive"
     - name: Get selinuxfs mountpoint
       command: findmnt -n -t selinuxfs --output=target
       changed_when: false
@@ -29,7 +30,7 @@
         Umount selinux mountpoint to emulate SELinux disabled
         system {{ selinux_mountpoint.stdout }}
       command: umount -l {{ selinux_mountpoint.stdout }}
-      changed_when: false
+      when: selinux_mountpoint.stdout != ""
 
     - name: Execute the role and catch errors
       block:
@@ -56,10 +57,11 @@
       # noqa command-instead-of-module
       command: >-
         mount -t selinuxfs selinuxfs {{ selinux_mountpoint.stdout }}
-      changed_when: false
+      changed_when: true
     - name: Switch back to enforcing
       command: setenforce 1
-      changed_when: false
+      changed_when: true
+      when: ansible_selinux.status == "enforcing"
     - name: Gather facts again
       setup: